Home » Exchange Server » Remove Internal Exchange Server Names and IP Addresses from Message Headers

Remove Internal Exchange Server Names and IP Addresses from Message Headers

When you send an email message, the recipient can view the headers of the message and see all of the “hops” that the message went through on its journey from one mailbox to another.

message-headers-01

The header info is very useful in troubleshooting situations, because you can copy/paste it into tools like the message analyzer in the Microsoft Remote Connectivity Analyzer and look at things like delays in message transfer between servers along the route the message took.

message-headers-02

However, some organizations don’t want their internal Exchange server names and IP addresses exposed in the message headers of emails sent outside of their organization. To remove them, you can use a feature called the header firewall, which is explained in detail on TechNet.

The first step is to determine the name of your outbound send connector for internet email. In my environment an Edge Transport server is used for outbound mail, so the outbound send connector is named “EdgeSync – Datacenter1 to Internet” (Datacenter1 is the name of the Active Directory site the Edge server is subscribed to). I want to remove the message headers for outbound mail sent over that connnector only, and not impact the messages sent over other connectors to Office 365 or the Globomantics partner organization.

The command to remove the message headers is as follows:

After running that command, I needed to wait for EdgeSync to run (or run it manually) before the change would take effect. After the change has taken effect, outbound messages no longer contain the internal server names and IP addresses in the headers. Only the Edge Transport server name and IP address are shown.

message-headers-03

message-headers-04

If you need to reverse the change, use Add-AdPermission instead of Remove-AdPermission.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server

20 comments

    • Yes, but be cautious as I’ve seen that cause Gmail to start rejecting email due to IPv6 requirements. If for some reason you can’t meet the IPv6 requirements they’re looking for, setting the SourceIPAddress on send connector (for Edge Transport scenarios) to the public IPv4 address of the server seems to fix it up.

  1. Noel says:

    Paul, you mentioned at the beginning of the article that you the header firewall feature, but it seems to be you only need to run the command you ran. I am not clear about how to apply that feature.

    What am I missing?

  2. Mark says:

    I was doing this previously using transport rules in Exchange 2007, which I replicated on the 2013 Edge servers. This method looks much simpler and cleaner, though.

  3. Alexey says:

    Thanks, Paul for your posts! Is there a way to customize or rewrite Message-ID header to eliminate internal server name as well?

  4. asmaaa515687 says:

    Hello,

    I am trying to remove Received Headers from outbound emails. I try the cmd Get-SendConnector “My send connector” | Add-ADPermission -User “NT AUTHORITYANONYMOUS LOGON” -ExtendedRights ms-Exch-Send-Headers-Routing
    And i have run the edgesync service using the cmd Start-EdgeSynchronization -Server Mailbox01
    But my send connector still show Received Headers.
    Could u help me please to find solution to this problem

  5. asmaaa515687 says:

    I’ve used Get-SendConnector “My send connector” | Add-ADPermission -User “NT AUTHORITYANONYMOUS LOGON” -ExtendedRights ms-Exch-Send-Headers-Routing but still see the received headers in outgoing emails.

    • asmaaa515687 says:

      Sorry i meant I’ve used Get-SendConnector “My send connector” | REMOVE-ADPermission -User “NT AUTHORITYANONYMOUS LOGON” -ExtendedRights ms-Exch-Send-Headers-Routing but still see the received headers in outgoing emails.

  6. Syed Ahmed says:

    Hi Paul,

    We have a case when the emails sent out from our Exchange is adding data to the header which is causing the emails to be rejected by receiving server because of a limitation(i.e., header size exceeded). We are using Connector to send emails sent to short address to redirect it to long address. We are using Office 365(Hybrid). Is it possible that the connector is adding some data which is causing the receiving end to reject it. When an email is directly sent to long address , no issues are caused.
    Please advise.

  7. Victor says:

    There exists a tool named HeaderRewriter that allows an Exchange administrator to substitute any substring in the following SMTP headers of outgoing messages:
    •Message-ID
    •In-Reply-To
    •References

Leave a Reply

Your email address will not be published. Required fields are marked *